All notable changes to this project will be documented in this file.
- OrderedDict has no
.add()method — use key assignment for delivery dedup cache (66ad287) - Bash syntax error in SANDBOX_CMD (
& &&) preventing runner from starting (8b9857f) - Label contention in
test.yml— addedjob-${{ github.run_id }}unique label for 1:1 JIT runner binding (8b9857f) ip6tables-legacyalternative registration crash during image rebuild (43825b0)
- Dockerd wait + image load now run in background — runner starts immediately without waiting for Docker. Non-Docker jobs skip the 60s dockerd startup entirely. (
43825b0)
- Multi-region support via
MODAL_REGIONenvironment variable - Custom sandbox environment variables via
SANDBOX_EXTRA_ENV(JSON string) - Webhook secret rotation via
WEBHOOK_SECRET_OLDfallback - Per-job metrics emission (
job_completelogs with duration, GPU, region, error codes) - Matrix job example workflow (
.github/workflows/matrix-example.yml) Makefilefor local development (deploy, serve, test, lint, logs)- Unit tests for GPU parsing, concurrency limits, network config, and health endpoint
- Comprehensive
CONTRIBUTING.mdwith setup, testing, and commit conventions
- Updated
DEPLOY.mdwith troubleshooting section and full environment variable reference - Updated
README.mdwith badges, quickstart, feature/comparison tables, and GPU docs - Optimized runner image with
uv_pip_installand removed unused packages
- Per-job GPU support via workflow labels (gpu:T4, gpu:A100, etc.) — T4, L4, A100, A100-80GB, H100
- Network isolation via
ALLOWED_CIDRSenvironment variable - Full network blocking via
BLOCK_NETWORKenvironment variable - Persistent cache volume support via
CACHE_VOLUME_NAMEenvironment variable
- Structured JSON logging with contextual fields (job_id, repo, duration, status, error_code)
- Health check endpoint (
GET /health) - Retry logic for GitHub API calls with exponential backoff (1s/2s/4s, 3 attempts, 429/5xx)
- Hardened payload validation with specific 400 error messages
- Per-repo concurrency limits via
MAX_CONCURRENT_PER_REPOenvironment variable - CI linting with ruff and pyproject.toml config
- Unit test suite (23 tests) with pytest and pytest-asyncio
tests/**added to CI path triggers
- Optimized runner image: removed unused packages (net-tools, sudo, jq), reordered layers for better caching
- All logger calls updated from f-strings to structured
extra={}pattern
- Initial release: Modal-powered ephemeral GitHub Actions runner
- Docker-in-Sandbox support for container-based workflows
- HMAC-SHA256 webhook signature verification
- Repository allowlist via
ALLOWED_REPOS - JIT runner registration for single-use tokens
- Replay protection via delivery ID cache
- Job deduplication cache
- Configurable runner version, group ID, and labels
- GitHub Enterprise domain support
- Body size limit (1MB)
- Automated CI/CD via GitHub Actions